Exploit For Worst Bug Of August On The Loose - InformationWeek


Security experts said the MS06-040 bug was the worst of the 23 patched by Microsoft this week. Now they say it's being used in attacks.

To emphasize the point, users who retrieved Tuesday's fixes via Windows or Microsoft Update were greeted with an additional "Addresses a critical security problem" notation below the listing for the MS06-040 update. The new line was color-coded in red.

Microsoft declined to elaborate further about the red-lettered warning or why it decided to debut the feature.

From comments made by other security analysts, the in-your-face alert was justified. "This is remotely exploitable," said Jonathan Bitle, product manager at security vendor Qualys. "We've seen this service exploited before with other worms, so it's definitely a concern."

Although large-scale worm attacks are almost a distant memory -- MSBlast, for instance, which exploited a similar Windows bug, broke three years ago this month -- Bitle said a worm attacking the newly-disclosed vulnerability was certainly possible. "There could be code out and available as we speak," he said. "It might be on the Web somewhere, though we haven't seen any yet."

The SANS Institute's Internet Storm Center made mention of impending threats, too. "[There has been] a lot of speculations about a possible worm," wrote Johannes Ullrich, the chief research officer for the ISC, on the organization's site. "But then again, worms are so 2004."

Maybe not.

"Criminals are in business to make money, and they'll try anything to get into your machine," said Symantec's Martin. "If they think this will work, they'll use it."

Microsoft offered alternatives for those who couldn't immediately deploy the patch, including blocking TCP ports 139 and 445 at the firewall.

"You should also watch the network traffic," advised Patrick. "If your security software is up to date, it should be able to spot the 'fingerprint' of the attack in the packet traffic."

Also on Tuesday, Microsoft posted a document to its support site that offers guidance on what update mechanisms can be used to deploy the August patches, including the one spelled out for MS06-040. The ISC urged enterprise users to turn to the document if they had trouble installing the fix.
